We build websites that are GDPR and CCPA, and CalOPPA compliant.
GDPR and CCPA are two different but related sets of regulations that require companies to protect the privacy of their customers. Both are designed to protect people’s personal data from being misused by companies, but they have different methods. The chief difference between the two is that GDPR focuses on European citizens, while CCPA applies to US citizens.
GDPR stands for General Data Protection Regulation. It was created by the European Commission in 2016 to protect consumers’ rights regarding their personal data and privacy. It applies only within the EU, but it’s crucial for businesses outside of Europe because other countries follow its lead (you can read about some examples here). The rules outline how companies must securely store data about their customers and how they can use it. They also require organizations to notify customers if a breach affects them personally or makes them vulnerable (which could include things like identity theft).
CCPA stands for California Consumer Privacy Act of 2018, was passed by California legislators in June 2018. It went into effect on January 1st, 2020, with an opt-out provision until 2022. This law requires all businesses in California—and any companies that have customers in California—to disclose what data they collect about their customers and allow them to opt out of having their data sold.